On 2/26/20 5:22 AM, Luke via mailop wrote:
>
> They also have no process in place for verifying From addresses. With
> their API, you can put whatever you want in the From field. Clearly not
> ideal, but they aren't unique in this regard. All in all, considering the
> amount of email SendGrid sends, the scale of the phishing problem is
> remarkably small.

I strongly disagree with this. I get the most blatant phishing messages, sometimes sent to obvious role addresses, and reporting it as being received at one address (out of several) has historically caused that address to get listwashed while the mail continues to the others.

This morning I looked at a fraction of my inbound Sendgrid mail and found these DMARC rejection failures:

---------------------------------------------------------------
Received: from dhl.com (unknown [104.152.185.247])
    by ismtpd0077p1mdw1.sendgrid.net (SG) with ESMTP id WDd40e6kS0yDqUPUjLyFpg
From: dhlsen...@dhl.com
Subject: [Newsletters] DHL Shipment Successful : Air Waybill no 4449826931

Received: from wellsfargo.com (ec2-3-12-148-177.us-east-2.compute.amazonaws.com [3.12.148.177])
    by ismtpd0039p1iad2.sendgrid.net (SG)
From: Wells Fargo <noreply-al...@wellsfargo.com>
Subject: Warning: Account Temporary Blocked

Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
    by ismtpd0001p1lon1.sendgrid.net (SG)
From: "Chase Online" <no-re...@alertsp.chase.com>
Subject: Your Online Informations are Outdated. Update Now

Received: from MTQzMTI5NzY (unknown [35.175.22.107])
    by ismtpd0011p1iad2.sendgrid.net (SG)
From: "supp...@chase.com" <ap...@prockish.com>
Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On 02/27/2020 [MAIL ID:4435446]

Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
    by ismtpd0004p1lon1.sendgrid.net (SG) with ESMTP id Rmde0K91SFiqiUueuaNLbg
From: "Chase Online" <sm...@chaseonline.chase.com>
Subject: Online Alert.
---------------------------------------------------------------

And this is just the blatant phishing (there's much more non-phishing spam).

This is not the sign of a company that cares about phishing.

Adding a "will this message trigger a DMARC reject" filter on outgoing mail would be trivial. Adding a filter that flags "@wellsfargo.com" and other frequently phished domain names in the From header would be trivial.
Adding a filter that flags mail runs with a high percentage sent to "support@", "info@", "sales@", and "billing@" would be trivial.

The fact that they haven't bothered with any of these things after years of this tells you everything you need to know.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
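
A sketch of the three outbound checks proposed in the message above, as an added example (not part of the original post and not SendGrid's code). The policy table, watched-domain list, 0.5 threshold, function names and the two-label organizational-domain shortcut are all assumptions made for illustration; a real filter would look up `_dmarc.<domain>` in DNS and use the Public Suffix List.

```python
from email.utils import parseaddr

# Constructed sample data. In production the policy comes from a DNS TXT
# lookup of _dmarc.<domain>; a static table keeps this example offline.
DMARC_POLICY = {"wellsfargo.com": "reject", "chase.com": "reject"}
WATCHED_DOMAINS = {"wellsfargo.com", "chase.com", "dhl.com"}  # often phished
ROLE_LOCALPARTS = {"support", "info", "sales", "billing"}

def org_domain(domain):
    # Simplification: last two labels. A real check uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def from_org_domain(from_header):
    address = parseaddr(from_header)[1]
    return org_domain(address.rpartition("@")[2])

def would_dmarc_reject(from_header, spf_domain, dkim_domain):
    # Reject is expected when the From domain publishes p=reject and neither
    # the SPF-authenticated nor the DKIM-signing domain aligns (relaxed mode).
    org = from_org_domain(from_header)
    aligned = org in {org_domain(d) for d in (spf_domain, dkim_domain) if d}
    return DMARC_POLICY.get(org) == "reject" and not aligned

def uses_watched_domain(from_header, customer_domains):
    # Flag a watched brand in From unless the customer has verified that domain.
    org = from_org_domain(from_header)
    return org in WATCHED_DOMAINS and org not in {org_domain(d) for d in customer_domains}

def role_fraction(recipients):
    roles = [r for r in recipients if r.partition("@")[0].lower() in ROLE_LOCALPARTS]
    return len(roles) / len(recipients) if recipients else 0.0

def review_run(from_header, spf_domain, dkim_domain, customer_domains,
               recipients, role_threshold=0.5):  # threshold is an assumption
    reasons = []
    if would_dmarc_reject(from_header, spf_domain, dkim_domain):
        reasons.append("dmarc-reject")
    if uses_watched_domain(from_header, customer_domains):
        reasons.append("watched-from-domain")
    if role_fraction(recipients) >= role_threshold:
        reasons.append("role-heavy-list")
    return reasons

if __name__ == "__main__":
    # Constructed mail run: brand in From, authenticated only as the ESP.
    print(review_run("Wells Fargo <constructed-sender@wellsfargo.com>",
                     "sendgrid.net", "sendgrid.net", ["customer.example"],
                     ["support@a.example", "info@b.example", "jane@c.example"]))
```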